The success of malicious software (malware) depends on both technical and human factors. The most security-conscious users are vulnerable to zero-day exploits; the best security mechanisms can be circumvented by poor user choices. While there has been significant research addressing the technical aspects of malware attack and defense, there has been much less research reporting on how human behavior interacts with both malware and current malware defenses. In this paper we describe a proof-of-concept field study designed to examine the interactions between users, antivirus (anti-malware) software, and malware as they occur on deployed systems. The 4-month study, conducted in a fashion similar to the clinical trials used to evaluate medical interventions, involved 50 subjects whose laptops were instrumented to monitor possible infections and gather data on user behavior. Although the population size was limited, this initial study produced some intriguing, non-intuitive insights into the efficacy of current defenses, particularly with regard to the technical sophistication of end users. We assert that this work shows the feasibility and utility of testing security software through long-term field studies with greater ecological validity than can be achieved through other means.
Abstract. Anti-malware products are typically evaluated using structured, automated tests to allow for comparison with other products and for measuring improved efficiency against specific attacks. We propose that anti-malware testing would benefit from field studies assessing effectiveness in more ecologically valid settings. This paper presents our methodology for conducting a 4-month field study with 50 participants, including discussion of deployment and data collection, encouraging retention of participants, ethical concerns, and our experience to date.